DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

MN: Fairview Health Services and North Memorial Hospital inform patients of breach due to Accretive Health's security #FAIL

Posted on September 28, 2011 by Dissent

Lorna Benson reports:

Fairview and North Memorial Hospitals are notifying more than 16,000 patients that a laptop containing their personal and medical information was stolen.

The laptop belonged to a healthcare services firm that coordinates services for Fairview. The theft occurred on July 25 in the parking lot of a Minneapolis restaurant.

The computer contained the names of 14,000 Fairview patients along with their addresses, dates of birth, some diagnostic information and social security numbers. Approximately 2,800 North Memorial patients were also affected, but the information on the laptop didn’t include their social security numbers or home addresses.

Read more on Minnesota Public Radio. Maura Lerner and Tony Kennedy of the Minneapolis Star Tribune add some additional details, including that Fairview was notified of the breach within days.

Not only was the laptop unencrypted – reportedly  in violation of Accretive’s own policies and procedures – but their employee left the laptop in a car in a restaurant parking lot. Has the employee been fired?  How often does Accretive actually audit laptops to confirm that they are properly encrypted?  Accretive did not respond to requests for additional information about this incident.

I am really on the warpath about data losses due to unencrypted information being left in unattended cars.  This is the second breach report today involving a laptop with unencrypted PHI being stolen from an employee’s car.

When is HHS going to start smacking some of these companies with fines for this type of easily avoidable and ridiculous breach? And if they won’t, will some state attorney general?

Although this breach will cost Accretive, who is footing the costs for free credit monitoring for those affected, there appear to be no long-term consequences for Accretive in terms of its relationship with Fairview:

Fairview’s chief clinical integration officer Dr. Mark Werner said privacy breach will not stop Fairview from exchanging patient information with Accretive Health.

“The sharing of health information is a challenge that we all face. But at the same time we need to continue to grow our capabilities of taking care of our community and our population of patients better and better,” Werner said. “And having committed strategic partners like Accretive I think is appropriate and part of that effort.”

Part of that effort should be auditing your strategic partners to ensure they are complying with your privacy and security clauses in your contract, too, no? Has Fairview done that? Will it do it now?  And why did the data have to leave the premises instead of being remotely accessible to the consultant?

Yes, you are hearing disbelief and frustration.  There is simply too much information needlessly leaving the reservation and more secure environments to be left in employees’ cars.

But that’s just my .02.  Your mileage may vary.

Related:

  • Senator Franken questions Accretive about…
  • July theft of computer with Fairview patient data…
  • Attorney General Swanson Sues Accretive Health for…
  • 1749 French based Sites Defaced by CwGhost.
  • Accretive Health Settles FTC Charges That It Failed…
Category: Health Data

Post navigation

← UKChatterbox urges password change following hack attack
Ca: 1,500 patients' private info lost →

2 thoughts on “MN: Fairview Health Services and North Memorial Hospital inform patients of breach due to Accretive Health's security #FAIL”

  1. Anonymous says:
    September 28, 2011 at 4:58 pm

    Hm, interesting. I blogged about this story yesterday, using the Star Tribune as my source. I’ve gone back to the Tribune article, and it looks like any references to the laptop being a personal one to the employee have been removed. I know it was there as my own post centered around that particular “fact.”

    1. Anonymous says:
      September 28, 2011 at 6:38 pm

      Yep, I had seen that reference to it being the employee’s laptop, too, although I don’t remember which article I had seen it in. But I realized it had to be company-issued because of the spokesperson’s statements about how due to human error, this laptop hadn’t been encrypted, when it should have been.

      It would be nice if papers didn’t do silent deletes and pointed out where they’ve edited or changed a story.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math
  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.